This long paper (90 pages), which can be found here, seeks to understand how traditional principles of EU law – particularly those related to exploitative abuses and respective remedies – apply to new business models that mainly rely on processing large amounts of users’ data. The analysis does not extend to the US because, following Trinko, the authors consider that antitrust law there does not extend to exploitative practices, even if the FTC has powers under the Sherman Act to pursue such practices under consumer and unfair practices law. I am afraid the review is rather long, because this paper’s contents are the equivalent of multiple articles.

The paper is structured as follows:

Section 2 provides an overview of European case law vis-à-vis exploitative abuses.

Art. 102 TFEU lists a number of exploitative abuses. Nevertheless, the European Commission has long focused on investigating exclusionary, rather than exploitative abuses. While this has led to limited case law on exploitative abuses, the authors identify a few exceptions:

Excessive Prices – In reaction mainly to preliminary references, the European courts have prohibited exploitative pricing practices when: (i) prices are excessive by reference to some relevant benchmark (usually costs); and (ii) prices are unfair. Over forty years – from United Brands to Latvian Copyright Society, the case law has not significantly deepened its analysis or guidance on the topic.

Discriminatory Prices – Discriminatory pricing can have either an exclusionary (e.g. in margin squeeze, where a vertically integrated company sells a product/service at a higher price to a downstream competitor than the price it charges its own subsidiary) or exploitative dimension (i.e. the dominant company sells the same product at different prices/conditions to its customers/consumers). In practice, the European courts have provided only limited guidance regarding when an exploitative discriminatory unilateral practice is anticompetitive. Discrimination should only be anticompetitive when it places someone at a “competitive disadvantage”, but the Court has “presumed” that price discrimination places the customer who pays the higher price for the same product/service in a competitive disadvantage in comparison to its “other trading partners” (e.g. British Airways). This has recently been revised in the Meo case, where the court added that the competition enforcer should take into consideration “…all the relevant circumstances” to determine whether price discrimination could produce a competitive disadvantage, in line with the more effects-based approach to Art. 102 TFEU. In particular, although the competition enforcer does not have to quantify the competitive disadvantage, the CJEU required competition agencies to show that the price disparity is capable of having a negative effect on the discriminated customer, while allowing the defendant company to present “objective justifications” to show the legality of the price disparity. This naturally reduces the scope for finding exploitative price discrimination.

Unfair Contractual Clauses – A number of contractual clauses imposed by a dominant company on its customers have been found to infringe Art. 102 TFEU. The Court has never provided a general definition of ‘unfair contractual clauses’ nor elaborated a list of anticompetitive clauses. The authors nonetheless infer a number of principles from the case law. In particular: (i) in all cases, the clauses were imposed on industrial customers rather than final consumers, thereby avoiding questions of overlap between competition and consumer law; (ii) in all cases, the dominant company was an unavoidable trading partner.

Privacy can serve either as an intermediate good (i.e. a good that can be used in order to produce other goods, to which a monetary value attaches) or as a final good. This tension comes to life in the ‘privacy paradox’, the fact that a broad majority of users claim to care about their privacy and the need for data protection, but do not act in accordance with these expressed preferences. The privacy paradox can be linked to two problems that can subsequently lead to market failures:

A failure by economic agents to act in a way that promotes their welfare (i.e. to protect their privacy). This leads to businesses which do not cater to privacy preferences gaining market shares and then, as a result of direct network effects and other reasons leading to market concentration and dominance, locking up consumers. In this context, it is doubtful that data subjects’ consent is “freely given” and “informed” as required under data protection law. A market failure can thus be said to arise, since the market is unable to satisfy the expressed (privacy) demands of users. Furthermore, such market operates counter the intention the lawmaker had when drafting the GDPR.

A lack of transparency regarding what happens to personal data once it is disclosed. As a result of information asymmetries, customers are not always able to make well-informed rational decisions regarding their personal data. Instead, internet users regularly consent to the collection and processing of their personal data, even though they are not (or are only barely) able to foresee what is happening to the data.

At this point, this section reviews the various arguments put forward in the literature against EU competition law intervention vis-à-vis exploitative abuses. These arguments relate to difficulties in identifying excessive prices, the inability of competition authorities to act as price regulators, and, more importantly, to the legal uncertainty and chilling effects on investment and innovation that intervention against excessive prices / unfair contractual clauses is bound to cause. When not opposing intervention against excessive prices, economists developed a number of stringent screens for intervention – e.g. intervention should only occur when there are high and non-transitory barriers to entry, it does not adversely affect innovation and it is impossible or inappropriate to set up a sector regulator

The section ends with a discussion of the relationship between competition, data protection and consumer law. Due to overlaps among these three policy areas – and particularly how they all ultimately focus on protecting individual welfare – some authors have argued that EU competition law should leave the task of sanctioning unfair contractual clauses in the context of the data economy to data protection and consumer laws. The authors challenge this argument: in spite of their “family ties”, these three policies have different objectives, scopes of application and enforcement structures, and thus one cannot substitute for the others.

Section 4 analyses three categories of abuses that may harm consumers/customers in data markets:

Unfair prices – Internet users often receive “free” services from online platforms in exchange for data. The online platform will use the large amount of data it collected to create detailed consumer profiles, either to improve the marketing of its products or to sell such precious information to other firms. This means that the concept of ‘unfair pricing’ may need to be updated to reflect data disclosure practices. In particular, unfair pricing could take the form of “excessive” amounts of personal data required by online platforms to provide “free” access to an online service. The authors consider that the requirements for excessive pricing are hard to meet, so we may still have to wait some time for an ‘excessive data disclosure’ case to come along. Somewhat to my surprise, they expressly hold that the German investigation into Facebook is not an excessive pricing matter. A second such anticompetitive practice might consist in a dataset holder imposing an excessive access price on industrial customers to provide access to its database. While this would also likely face a number of difficulties, it only requires a more traditional ‘excessive pricing’ analysis.

Discriminatory pricing – The authors first discuss the three degrees of economic price discrimination identified in the literature, and explain that first level (i.e. individualised) price discrimination was long thought to be impossible, something which has changed with the advent of big data. Via personal data analysis and by means of predictive modelling (i.e. profiling), algorithms facilitate price discrimination among different consumers who purchase goods and services from a dominant online platform. The question for competition law is whether this is pro- or anti-competitive. The authors review the arguments underpinning the dominant opinion that price discrimination is usually efficiency-enhancing, and counter them with authors who identify situations of potential consumer harm from price discrimination. They conclude that there is no reason to exclude the enforcement of Art. 102 TFEU vis-à-vis discriminatory pricing a priori when this practice has an exploitative dimension. In practice, however, they acknowledge that demonstrating that the discriminatory pricing gave rise to a competitive disadvantage would be a major challenge for any investigation.

Unfair contractual clauses – A theory of harm based on unfair contractual clauses will bear similarities to the discussion about “excessive pricing” in the data economy. In any event, and unlike with excessive pricing, there are no stringent legal barriers to bringing such a claim under the ECJ’s case law. The authors review the two cases which have raised concerns regarding unfair contractual clauses in Europe to date – the Facebook / WattsApp merger and the German investigation into Facebook – and conclude that such an abuse may arise when a dominant platform which is an unavoidable trading partner unilaterally changes its data protection terms/privacy policies in a way that leads to a decrease in the product quality of an online service (namely, by requiring the disclosure of additional information). The authors also note that while Facebook was sanctioned for granting incorrect data during merger control, the Italian competition agency has punished similar behaviour (namely the mixing of Facebook and WattsApp data) as an infringement consumer law.

The authors are somewhat sceptical of the impact – and suitability – of fines to deter behaviour which lawfulness is (at present) unclear. As such, they devote greater attention to alternative behavioural remedies.

In particular, the paper explores the possibility that national competition authorities may borrow from the European data protection regime a number of behavioural remedies to tackle forms of privacy degradations unilaterally imposed by online platforms. Such remedies might include: (i) the introduction of a price comparison web site as a potential behavioural remedy to solve issues of excessive and discriminatory pricing by super-dominant platforms; (ii) limiting the amount of data that a platform can collect; (iii) imposing data-sharing obligations with other platforms; and to (iv) ensure data portability.

Comment:

This is an interesting, ambitious paper. Inasmuch as the paper clearly may be used to buttress a specific case under investigation in Germany (the Facebook case, naturally), I am unable to discuss its conclusions at length. Nonetheless, there are some neutral points that are worth making.

First, the definition of market failure used by the authors seems to rely on a normative benchmark for a market (i.e. privacy standards as set out in data protection law) which is not market-related. This oddity is compounded by the authors placing, without justification, some sources of evidence about consumer welfare such as surveys above consumer behaviour regarding data disclosure, when consumer behaviour is the usual benchmark in competition cases. This approach raise doubts about whether there is any market failure in the first place. Perhaps more importantly, inasmuch as a legislator finds that there is a market failure, it is unclear why regulation would not be the obvious way to address that problem.

Second, as the authors point out, the existence of or possibility to implement sectoral regulation does not mean that there is no place for competition law. What seems more doubtful is that concepts taken from consumer and data protection law should be grafted onto competition law, and particularly that this composite approach better reflects ‘consumer welfare’. Such an approach is not uncommon – I have reviewed many papers on the digital economy that resort to such a strategy, either expressly or implicitly. This reflects the difficulties of replacing price as a metric for consumer welfare; but I remain unconvinced that such difficulties justify deploying criteria based on other regulatory fields, particularly when it is implicitly argued that the legal standards adopted by regulatory instruments are adequate proxies for consumer welfare. In other words, an orthodox approach would allow one to build a competition case that a dominant platform unlawfully exploited its users’ data by reducing their welfare; but merely finding that a business practice infringes data protection law should not be sufficient to establish an infringement of competition law.

Third, the authors’ approach to unfair contractual terms is potentially problematic. I cannot see why contractual conditions cannot be equated to a price – and this is a position that seems to be endorsed by the authors. It follows that the standard to identify unfair contractual terms should be similar to that applicable to excessive pricing. Yet, because the legal standards for the assessment of unfair contractual clauses under competition law are unclear, the authors are able to find an infringement merely because the conduct was ‘unilateral’ and ‘unfair’ – a remarkably low standard, and very far removed from the stringent controls imposed on findings of excessive pricing. It could be said that the authors impose an additional test, namely that the conduct must lead to a degradation of the quality of the service. However, the change in contractual terms they identify as anticompetitive concerns the additional disclosure of data, which would hardly seem to fit a natural understanding of ‘quality of service’ for its users. Furthermore, if that is the standard, then any increase in price would be prohibited, which is again an infringement threshold significantly lower than that applied to other exploitative abuses.

Lastly, as regards remedies, while proposing alternatives to fines might make sense for exploitative abuses, some of these remedies presuppose that competition agencies are able to act as de facto data regulators, and that somehow they will be able to not interfere with the companies’ business models. This is not to dismiss the authors’ suggestions – just to emphasise how much this ‘approach is unconventional, and that some issues would need to be addressed and analysed further’, as the authors recognise.